Whether running a business or doing your own personal banking, having solid cyber security practices in place is a must. With data breaches on the rise and hackers becoming more and more advanced, protecting your company’s and your personal information has never been more important.
In this month’s virtual “Just Ask TCI” program we heard from experts Angela Polania, Managing Principal at Elevate Cyber Security Solutions, and Jeneen Paterson, Senior Director of Risk and Compliance at Ultimate Software. Here’s an overview of what they say are the most important measures to take to protect sensitive information.
1. Use Multi-Factor Authentication
Both Angela and Jeneen recommend using what’s called multi-factor authentication to validate that you really are the person who is trying to access accounts and other information. Multi-factor authentication will send a text message to your phone or an email to your account to verify that you’re really you, even if the password has been entered correctly.
2. Use a Password Vault
Password vaults like LastPass are another extremely important tool that both experts highly recommend using. These tools will safeguard your passwords for you. Still, you’ll need to use a master password to access your password vault, so it’s important to change your passwords regularly. “You can’t keep the same ones forever,” Angela says.
On a similar note, Jeneen stresses the importance of treating your business and personal accounts with the same level of care and protection. “Apply the same due care with how you manage passwords in both areas,” she says. “Don’t share passwords—don’t use same one for multiple locations.”
3. Assess Your Hiring and Training Strategies
Even for small businesses, having a hiring system in place that includes background checks and employee training on cyber security is an absolute must. “Educating employees first place to start,” Jeneen says. “They are usually the weakest link and first line of defense.”
“There are free services that you can use to give your workforce basic training on security,” Angela adds. “Do your employees know what phishing means and how to detect good vs. bad emails? This is really basic stuff, but it’s important.”
Jeneen also points out that “companies are often exploited by internal employees, not just outside hackers. Be careful of who you’re sharing with internally. Apply a high-level password to items you don’t want to share with everyone or create totally different file shares.”
4. Create an Inventory of the Items You Need to Protect
Organization can work in your favor when managing multiple accounts. Jeneen recommends creating an inventory of everything that you’re managing and make note of where you are storing and keeping track of records. “Then, draft out who has access to do what in all of those areas. Once you know the scope of everything you’re managing, how are you backing up that information? Backup information shouldn’t be stored in the same places.”
5. Avoid Using Flash Drives When Possible
Our experts both recommend using file sharing with encrypted data instead of flash drives and other portable storage if you can. “If you have to use flash drives,” Jeneen says, “put the files under password protection.”
When securing a home-based business, Angela suggests several cost-effective strategies, in addition to avoiding flash drives: “Have someone set up home firewalls, they’re not expensive. You can buy a device for $100 or less. Have very strong Wi-Fi controls in your home business, and have a separate guest network and internal network.”
“The reality is, there’s no one silver bullet that will solve all problems,” says Jeneen. “It’s a multilayered defense and depth approach. Everything from how you hire folks, perform background checks, and train employees, all the way to access management tools and backup solutions.”
Please join us for our next virtual “Just Ask TCI” program, which happen on the third Friday of each month. These are free and open to the public, so invite your friends and join us on your lunch break!